Exam AWS Certified Security - Specialty topic 1 question 20 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 20
Topic #: 1

A company requires that IP packet data be inspected for invalid or malicious content.
Which of the following approaches achieve this requirement? (Choose two.)

  • A. Configure a proxy solution on Amazon EC2 and route all outbound VPC traffic through it. Perform inspection within proxy software on the EC2 instance.
  • B. Configure the host-based agent on each EC2 instance within the VPC. Perform inspection within the host-based agent.
  • C. Enable VPC Flow Logs for all subnets in the VPC. Perform inspection from the Flow Log data within Amazon CloudWatch Logs.
  • D. Configure Elastic Load Balancing (ELB) access logs. Perform inspection from the log data within the ELB access log files.
  • E. Configure the CloudWatch Logs agent on each EC2 instance within the VPC. Perform inspection from the log data within CloudWatch Logs.
Suggested Answer: AB

Comments

BillyC
Highly Voted 3 years, 8 months ago
Yes, A and B
upvoted 33 times
polo
3 years, 8 months ago
have you taken the exam yet?
upvoted 1 times
BillyC
3 years, 8 months ago
Tomorrow
upvoted 1 times
polo
3 years, 8 months ago
so how did it go man?
upvoted 4 times
enthuguys
3 years, 7 months ago
Hey Billy, how did your exam go? Hope you have cracked it :)
upvoted 2 times
josellama2000
Highly Voted 3 years, 8 months ago
C is incorrect. The VPC flow log stores multiple pieces of information about the packet, but it does not record the packet's content. Therefore this content cannot be inspected. D is incorrect. Same as C. E is incorrect. Same as C.
upvoted 22 times
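The difference between flow metadata and packet content discussed in this thread, as an added example that is not part of any comment or of the exam material. It parses a default-format VPC Flow Logs record and compares it with what an inline proxy or host agent can see in the packet bytes; the packet, addresses, ENI id, account id and signature string are constructed sample values.

```python
import struct

# Default-format (version 2) VPC Flow Logs fields, in order: metadata only.
FLOW_FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
               "protocol packets bytes start end action log_status").split()

def parse_flow_record(line):
    """Split one default-format flow log line into a dict of its fields."""
    values = line.split()
    if len(values) != len(FLOW_FIELDS):
        raise ValueError("not a default-format flow log record")
    return dict(zip(FLOW_FIELDS, values))

def build_packet(src, dst, sport, dport, payload):
    """Construct a minimal IPv4/TCP packet for the demo (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + tcp + payload

def extract_payload(packet):
    """What a proxy or host agent has access to: the bytes after the IP and TCP headers."""
    ihl = (packet[0] & 0x0F) * 4                  # IP header length in bytes
    if packet[9] != 6:
        raise ValueError("not TCP")
    total_len = struct.unpack("!H", packet[2:4])[0]
    data_off = (packet[ihl + 12] >> 4) * 4        # TCP header length in bytes
    return packet[ihl + data_off:total_len]

def inspect(data, signatures):
    """Return the signatures that occur in the given bytes."""
    return [s for s in signatures if s in data]

# Constructed sample data.
SIGNATURES = [b"CONSTRUCTED-BAD-MARKER"]
PACKET = build_packet("10.0.1.5", "10.0.2.9", 49152, 80,
                      b"POST /upload HTTP/1.1\r\n\r\nCONSTRUCTED-BAD-MARKER")
FLOW_LINE = ("2 123456789010 eni-0123456789abcdef0 10.0.1.5 10.0.2.9 49152 80 6 1 "
             "%d 1700000000 1700000060 ACCEPT OK" % len(PACKET))

if __name__ == "__main__":
    print("flow log record:", parse_flow_record(FLOW_LINE))
    print("hits in flow log line:", inspect(FLOW_LINE.encode(), SIGNATURES))
    print("hits in packet payload:", inspect(extract_payload(PACKET), SIGNATURES))
```

The flow log record carries addresses, ports, protocol, counters and the accept/reject action, so the same signature check that matches on the packet payload has nothing to match against in the log line.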
Benah
Most Recent 1 year, 8 months ago
A and B
upvoted 1 times
yd_h
2 years, 2 months ago
Selected Answer: AB
AWS services cannot perform deep packet inspection (DPI) on IP packet data. This is because AWS follows strict policies that prioritize customer privacy and security. AWS services only process the IP headers, which contain the routing and addressing information for the packet, and not the packet payload, which contains the actual data being transmitted.
upvoted 2 times
gg12345
2 years, 6 months ago
Selected Answer: AB
I'm not aware of AWS services inspecting packet layer traffic. Must be a host/marketplace type solution - therefore A and B
upvoted 3 times
dcasabona
2 years, 10 months ago
Selected Answer: AB
I agree with option A and B.
upvoted 1 times
ryuhei
2 years, 10 months ago
Selected Answer: AB
A and B are the answers. I can't see IP packets on C, D, and E.
upvoted 1 times
Appsec977
3 years ago
Selected Answer: AB
AWS services cannot perform packet inspection unless you use an IDS or firewall from a marketplace, like TrendMicro, Fortinet, etc.
upvoted 1 times
TigerInTheCloud
3 years, 1 month ago
Selected Answer: AB
B. is the only right answer. A. How about inbound traffic? However, all other 3 are wrong.
upvoted 1 times
RaySmith
3 years, 3 months ago
A and B are correct
upvoted 1 times
Radhaghosh
3 years, 4 months ago
Agreed A&B
upvoted 1 times
hk436
3 years, 7 months ago
A and B is my answer!
upvoted 1 times
Mikeclue
3 years, 7 months ago
A,B it is on this one
upvoted 1 times
sanjaym
3 years, 7 months ago
Ans: AB 100%
upvoted 1 times
rocka1
3 years, 7 months ago
Amazon does not provide a service for packet inspection, i.e. IPS/IDS; you have to use an EC2 Marketplace 3rd-party product.
upvoted 2 times
devjava
3 years, 7 months ago
Ans > A,B
upvoted 2 times
AfricanCloudGuru
3 years, 7 months ago
Ans (A & B)
upvoted 1 times